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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )£3 Responsive to communication(s) filed on 10 March 2004 . 
2a)Q This action is FINAL. 2b)K This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 5-11 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) D Claim(s) is/are rejected. 

7) £3 Claim(s) 5-11 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)[X] accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
1 1 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 Certified copies of the priority documents have been received. 

2.Q Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . This action is responsive to communication: amendment filed 
10 March 2004 with recognition of a filing date of 19 April 2000. 

2. Applicant's election with traverse, Group III (Claims 5-11) in Paper No. 5. The 
traversal is on the grounds that the Office has not shown: proof of a serious burden, or 
that the subcombinations have utility other than in the disclosed combination by way of 
example, or legal proper test for imposing restriction because the claims are 
independent and distinct. This is not found persuasive because the burden is cause by 
the different methods of providing computer security and assisting computer security: 
Group I is directed to a computer security service with policy builder, with database 
component with validator component which is different from Group II with is an interface 
for a computer security service with grid, with user labels, with resource labels. Groups I 
and II are different than Group III which is directed to a computer security service with a 
policy builder with a web-based delegated administration. The independent claims 
themselves are evidence that the groups can be used individually. In the independent 
claims of Group I and II there is not any dependency for a web-based delegation. In 
the independent claims of Group I and III there is no detailed description of a GUI with 
grid and labels. Finally in the independent claims of Group II and III there is no 
description on a database or validator component. 

The requirement is still deemed proper and is therefore made FINAL. 

3. Claims 5-1 1 are currently pending in this application. Claim 5 is an independent 
claim. 
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Claim Rejections - 35 USC § 103 



4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 5-11 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Flint et al. U.S. Patent No. 6,453,419 (hereinafter '419) in further view of USING 
MICROSOFT® FRONTPAGE™ written by Neil Randall and Dennis Jones Copyright© 
1996 by Que® Corporation (hereinafter FRONTPAGE). 

As to independent claim 5, "A computer security service for a computer 
network accessible by users and comprising services and resources, the 
computer security service comprising, a policy builder component available to 
one or more policy managers," is taught in '419 col. 2, lines 6-42 "The present 
invention is a system and method of implementing a security policy, comprising the 
steps of providing a plurality of access policies, defining a process and connecting the 
access policies and the process to form a security policy. According to another aspect 
of the present invention, an access control mechanism is described in a computer 
network having a plurality of separate networks" (i.e. "building" same as "defining") (i.e. 
"one or more policy mangers" implied in "plurality of networks"); 

"for defining access policies for the computer network users, services and 
resources, and" is disclosed in ( 419 col. 4, lines 14-36 "In one such embodiment, ACLs 
consist of all the required kernel code ... Also included are the system calls that the 
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user level programs need to use ... The first, Services node 60, decides which 
service(s) the rule will control" (i.e. "resources" same as "programs"); 

"the delegated administration component comprising a graphical user 
interface available to users for defining said access policies" is taught in col. 2, 
lines 51-52 "FIGS. 61 -6d, 7, and 8 show how an access control rule is built in an 
graphical user interface (GUI) system"; 
the following is not taught in '419: 

"a web-based delegated administration component accessible to users for 
defining access policies for the computer network users, services and 
resources," however FRONTPAGE pages 94-101 teaches "Setting Administrator, 
Author, and User Permission ... This process is valuable if you want to set up a Web 
whereby purchasers of your service or product" in pages 94-101 . 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify a security service for a computer network taught in '419 to include a 
web-based administration component. One of ordinary skill in the art would have been 
motivated to perform such a modification to design web pages and utilize the Internet 
see FRONTPAGE, page 2 "Putting together a site hasn't been as easy as it might be, 
though. Until very recently, setting one up required not only an Internet connection but 
also some pretty specialized knowledge about how Webs are built and maintained and 
the ability to create the pages of the Web site using a language called Hypertext Markup 
Language (HTML). Not everyone who wanted a Web site had that knowledge and 
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ability or the time or desire to acquire them. This is where Microsoft FrontPage steps 
into the breach". 

As to dependent claim 6, "in which the delegated administration 
component is implemented as a service supported by the computer security 
service." is taught in '419 col. 12, lines 1-7 "There are a number of possible WWW 
Filters" 

As to dependent claim 7, "in which the graphical user interface comprises 
one or more HTML format pages accessible to users." is shown in FRONTPAGE 
page 170 "FrontPage Editor generates the HTML code automatically as you put things 
onto your page". 

As to dependent claim 8, "further comprising a delegated administration 
definition component for defining delegated administration permissions for users 
whereby users are selectively enabled to use the delegated administration 
component to define access policies for specified resources and users" is 
disclosed in '419 col. 6, lines 3-11 "The user draws a graph which starts with a service 
and a to-from set ... The user is building a decision tree". 

As to dependent claim 9, "in which the delegated administration definition 
component further comprises a graphical user interface for displaying a grid 
having nodes, laid out on a first axis and on a second axis, each node 
corresponding to a variable set of users, potentially including the null set, for 
which delegated administration permissions are granted, the position of each 
node relative to the first and second axes in the grid defining the users and the 
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resources, respectively, for which permissions are granted for the node" is taught 
in '419 col. 6, lines 25-37 "As noted above, in one embodiment each node in the 
decision tree can be one of two types of node. This first type ... To the user, on the GUI 
... the service will ignore filters which do not apply ... The false branch is always a deny 
service" (i.e. "axis" same as "branch") (i.e. "null set" same as "ignore"). 

As to dependent claim 10, "the graphical user interface further comprising 
an array of nodes relative to the second axis for defining specified users enabled 
to modify user data maintained by the computer security service, the position of 
each node in the array of nodes, relative to the first axis, defining the user data 
for which the modification of data is enabled" is shown in '419 col. 6, lines 4-11 "the 
user creates a path consisting of the desired options which can include: time, session 
counts, authentication, encryption, users/group, WWW filters ... The user is building a 
decision tree". 

As to dependent claim 11, this claim is directed to a computer readable 
program code of the computer security service of the above claims and is rejected along 
the same rationale. 
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Conclusion 



6. Any inquiry concerning this communication or earlier communications from the 

examiner should be directed to Ellen C Tran whose telephone number is 

(703) 305-8917. The examiner can normally be reached on 6:30 am to 3:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A Morse can be reached on (703) 308-4789. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 306-5484. 




Ellen Tran 
Patent Examiner 
Technology Center 2134 
22 April 2004 



